X-Git-Url: http://aleph1.co.uk/gitweb/?a=blobdiff_plain;f=web%2Fcore%2Fmodules%2Fsystem%2Ftests%2Fsrc%2FFunctional%2FCsrfRequestHeaderTest.php;h=0bb9016c4819a00e4766da008aa4d156b3041614;hb=1c1cb0980bfa6caf0c24cce671b6bb541dc87583;hp=c6d7b35dad0308f9b0b91649cf56881fad8cc2ea;hpb=a2bd1bf0c2c1f1a17d188f4dc0726a45494cefae;p=yaffs-website

diff --git a/web/core/modules/system/tests/src/Functional/CsrfRequestHeaderTest.php b/web/core/modules/system/tests/src/Functional/CsrfRequestHeaderTest.php
index c6d7b35da..0bb9016c4 100644
--- a/web/core/modules/system/tests/src/Functional/CsrfRequestHeaderTest.php
+++ b/web/core/modules/system/tests/src/Functional/CsrfRequestHeaderTest.php
@@ -4,7 +4,6 @@ namespace Drupal\Tests\system\Functional;
 
 use Drupal\Core\Url;
 use Drupal\Tests\BrowserTestBase;
-use GuzzleHttp\Cookie\CookieJar;
 
 /**
  * Tests protecting routes by requiring CSRF token in the request header.
@@ -27,7 +26,7 @@ class CsrfRequestHeaderTest extends BrowserTestBase {
    * uses the deprecated _access_rest_csrf.
    */
   public function testRouteAccess() {
-    $client = \Drupal::httpClient();
+    $client = $this->getHttpClient();
     $csrf_token_paths = ['deprecated/session/token', 'session/token'];
     // Test using the both the current path and a test path that returns
     // a token using the deprecated 'rest' value.
@@ -44,11 +43,6 @@ class CsrfRequestHeaderTest extends BrowserTestBase {
         $url = Url::fromRoute($route_name)
           ->setAbsolute(TRUE)
           ->toString();
-        $domain = parse_url($url, PHP_URL_HOST);
-
-        $session_id = $this->getSession()->getCookie($this->getSessionName());
-        /** @var \GuzzleHttp\Cookie\CookieJar $cookies */
-        $cookies = CookieJar::fromArray([$this->getSessionName() => $session_id], $domain);
         $post_options = [
           'headers' => ['Accept' => 'text/plain'],
           'http_errors' => FALSE,
@@ -60,7 +54,7 @@ class CsrfRequestHeaderTest extends BrowserTestBase {
 
         // Add cookies to POST options so that all other requests are for the
         // authenticated user.
-        $post_options['cookies'] = $cookies;
+        $post_options['cookies'] = $this->getSessionCookies();
 
         // Test that access is denied with no token in header.
         $result = $client->post($url, $post_options);